再来看initial这个方法
def initial(self, request, *args, **kwargs): """ Runs anything that needs to occur prior to calling the method handler. """ self.format_kwarg = self.get_format_suffix(**kwargs) # Perform content negotiation and store the accepted info on the request neg = self.perform_content_negotiation(request) request.accepted_renderer, request.accepted_media_type = neg # Determine the API version, if versioning is in use. version, scheme = self.determine_version(request, *args, **kwargs) request.version, request.versioning_scheme = version, scheme # Ensure that the incoming request is permitted self.perform_authentication(request) self.check_permissions(request) self.check_throttles(request)先执行get_format_suffix来获取客户端所发送的url的后缀
然后执行perform_content_negotiation方法,从它的注释可以知道这个方法的主要作用是执行内容选择,并把服务端接收到的信息保存在request中
然后再执行determine_version方法
def determine_version(self, request, *args, **kwargs): """ If versioning is being used, then determine any API version for the incoming request. Returns a two-tuple of (version, versioning_scheme) """ if self.versioning_class is None: return (None, None) scheme = self.versioning_class() return (scheme.determine_version(request, *args, **kwargs), scheme)在determine_version方法的官方注释中可以知道,determine_version方法的主要作用是
如果url中有版本信息,就获取发送到服务端的版本,返回一个元组执行完上面的方法,再执行perform_authentication方法来进行认证操作
来看下perform_authentication方法的源码
def perform_authentication(self, request): """ Perform authentication on the incoming request. Note that if you override this and simply 'pass', then authentication will instead be performed lazily, the first time either `request.user` or `request.auth` is accessed. """ request.user从上面有代码及注释中可以看出,perform_authentication方法的作用就是
执行认证功能,确认进行后续操作的用户是被允许的. perform_authentication方法返回经过认证的用户对象执行完perform_authentication方法,就会执行check_permissions方法
def check_permissions(self, request): """ Check if the request should be permitted. Raises an appropriate exception if the request is not permitted. """ for permission in self.get_permissions(): if not permission.has_permission(request, self): self.permission_denied( request, message=getattr(permission, 'message', None) )check_permissions方法的作用是
如果用户通过认证,检查用户是否有权限访问url中所传的路径. 如用用户访问的是没有没有权限的路径,则会抛出异常.check_permissions方法执行完成后,就会执行check_throttles方法
check_throttles方法的作用是检查用户是否被限制了访问主机的次数
如果用户访问服务器的次数超出设定值,则会抛出一个异常
例如,如果想限制一个ip地址每秒钟只能访问几次,一个小时之内最多可以访问多少次,就可以在settings.py文件中进行配置
def check_throttles(self, request): """ Check if request should be throttled. Raises an appropriate exception if the request is throttled. """ for throttle in self.get_throttles(): if not throttle.allow_request(request, self): self.throttled(request, throttle.wait())initial这个方法执行完成后,request.method.lower把请求的方法转换成小写
# Get the appropriate handler method if request.method.lower() in self.http_method_names: handler = getattr(self, request.method.lower(), self.http_method_not_allowed) else: handler = self.http_method_not_allowed response = handler(request, *args, **kwargs)再通过通过反射的方式来执行UsersView类中的get或post等自定义方法
需要注意的是,在执行initial方法之前,使用了try/except方法来进行异常处理
如果执行initial方法的时候出现错误,就调用handle_exception来处理initial方法抛出的异常,返回正确的响应信息
def handle_exception(self, exc): """ Handle any exception that occurs, by returning an appropriate response, or re-raising the error. """ if isinstance(exc, (exceptions.NotAuthenticated, exceptions.AuthenticationFailed)): # WWW-Authenticate header for 401 responses, else coerce to 403 auth_header = self.get_authenticate_header(self.request) if auth_header: exc.auth_header = auth_header else: exc.status_code = status.HTTP_403_FORBIDDEN exception_handler = self.get_exception_handler() context = self.get_exception_handler_context() response = exception_handler(exc, context) if response is None: self.raise_uncaught_exception(exc) response.exception = True return response在前面,如果initial方法执行完成没有抛出异常,则根据反射执行自定义的请求方法,然后返回响应信息
如果initial方法抛出异常则执行handle_exception方法处理抛出的异常,也返回响应信息